RELAY APPARATUS, RECORDING MEDIUM CONTAINING RELAY PROGRAM, AND COMMUNICATION SYSTEM
A relay apparatus that transfers packets each including identification information specifying connection between a first apparatus and a second apparatus, a destination address, and a source address performs: receiving, from the first apparatus, a first packet in which the identification information includes encryption information obtained by encrypting an address of the first apparatus; transmitting, to the second apparatus, a second packet in which the source address of the first packet is converted into an address of the relay apparatus; receiving, from the second apparatus, a third packet in which the destination address and source address of the second packet are switched; and transmitting, to the first apparatus, a fourth packet in which the destination address is converted on the basis of the address of the first apparatus, which is obtained by decrypting encryption information included in the identification information of the third packet.
Latest FUJITSU LIMITED Patents:
- SIGNAL RECEPTION METHOD AND APPARATUS AND SYSTEM
- COMPUTER-READABLE RECORDING MEDIUM STORING SPECIFYING PROGRAM, SPECIFYING METHOD, AND INFORMATION PROCESSING APPARATUS
- COMPUTER-READABLE RECORDING MEDIUM STORING INFORMATION PROCESSING PROGRAM, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING APPARATUS
- COMPUTER-READABLE RECORDING MEDIUM STORING INFORMATION PROCESSING PROGRAM, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING DEVICE
- Terminal device and transmission power control method
The present invention relates to a technology in which a relay apparatus, located among a plurality of apparatuses for transmitting and receiving call processing packets using an Internet protocol (IP), for transmitting a call processing packet received from one apparatus to a different apparatus, and more particularly, to relay apparatus that can transmit a call processing packet received from one apparatus to a different apparatus in any state.
SUMMARYAccording to an aspect of an embodiment of the present invention, a relay apparatus that transfers packets each including identification information specifying connection between a first apparatus and a second apparatus, a destination address, and a source address performs: receiving, from the first apparatus, a first packet in which the identification information includes encryption information obtained by encrypting an address of the first apparatus, and which has an address of the second apparatus as the destination address, and the address of the first apparatus as the source address; transmitting, to the second apparatus, a second packet in which the source address of the first packet is converted into an address of the relay apparatus; receiving, from the second apparatus, a third packet in which the destination address and source address of the second packet are switched; and transmitting, to the first apparatus, a fourth packet in which the destination address is converted on the basis of the address of the first apparatus, which is obtained by decrypting encryption information included in the identification information of the third packet.
An embodiment of the present invention is described below with reference to the accompanying drawings.
1. Block Diagram Showing Overview of the Present InventionOperations of the relay apparatus 3 according to the present invention are briefly described below.
1) The relay apparatus 3 receives a packet from the terminal-A 1 as the calling party. An address used to receive this packet is a virtual IP address exposed by the relay apparatus 3 to the terminal-A 1 as the calling party. This virtual IP address is defined as an IP address representing a distribution destination by the relay apparatus 3. Next, the relay apparatus 3 selects a distributed SIP server by considering communication statuses, response times, etc., of distributed SIP servers. The relay apparatus 3 extracts an IP address of the selected distributed SIP server from a load-distribution definition table 31 defining IP addresses of the distributed SIP servers. The relay apparatus 3 transmits a packet including the extracted IP address as a destination. Here, it is assumed that the server-B 7 is selected as a distribution destination.
(2) The relay apparatus 3 receives a packet from the server-B 7. This packet, includes encryption information obtained by encrypting an address specifying the server-B 7. The encryption converts a character string representing the address into another character string by using a server-information conversion table 73 defining a conversion method determined beforehand with the relay apparatus 3. Next, the relay apparatus 3 transmits, to the terminal-B 15 as the called party, a packet in which a transmission source of the received packet is rewritten by a virtual IP address of the relay apparatus 3.
(3) The relay apparatus 3 receives the packet including the encryption information from the terminal-B 15, Next, the relay apparatus 3 decrypts the encryption information. In the decryption, the character string converted in the operation (2) is restored by using a server-information conversion table 33 having information similar to that of the server-information conversion table 73. The relay apparatus 3 extracts, from a distributed server correspondence table 35, destination information corresponding to the address which specifies the server-B 7 and which is obtained by decryption, The relay apparatus 3 transmits a packet in which the extracted destination information is set.
The above operations (2) and (3) form the present invention. The present invention is fully described below.
2. Block Diagram Showing Hardware Configuration of Relay ApparatusThe load-distribution definition table 31 includes an IP address of a server that serves as a distribution destination corresponding to the virtual IP address. The server-information conversion table 33 has information for decrypting the encryption information extracted from the packet received from the terminal-B 15. The distributed server correspondence table 35 includes an IP address of a server that is a distribution destination corresponding to the decrypted information. The relay program 37 realizes the operations (1) to (3). The bus 305 exchanges data among the CPU 301, the storage unit 303, and the communication unit 307. The communication unit 307 performs communication between one of the terminal-A 1 and the terminal-B 15, and the relay apparatus 3, and communication between one of the server-A 6, the server-B 7, and the server-C 8, and the relay apparatus 3.
2.1. Illustration Showing Configuration of Load-Distribution Definition TableFirst, a process of the relay apparatus 3 when it performs the operation (1) in
In step S501, the CPU 301 receives a packet transmitted by the terminal-A 1 as the calling party through the communication unit 307. This packet includes an IP header, a UDP header, a SIP start line, an SIP header, and an SIP message body.
3.1. Illustration of Packet StructureA UDP header 603 includes a transmission source port number that is a port number of the party that transmits the packet, and a destination port number that is a port number of the party to which the packet is conveyed. The term “UDP” is an abbreviation of a user datagram protocol. In addition, the term “port number” is an auxiliary address provided below an IP address in order to establish simultaneous connection to a plurality of different parties. In the case of the operation (1) in
A SIP start line 605 is used to define A SIP message. A SIP message is divided into two types, a request and a response. The request includes a method name representing a request type. Request types include INVITE (establish a call), BYE (finish a call), and CANCEL (finish establishing processing in the middle of call setting). The response includes a status code representing a response type. Response types include “1xx” (temporary), “2xx” (success), “3xx” (client error) , and “4xx” (server error). In the case of the operation (1) in
A SIP header 607 is used to define various types of information necessary for processing the SIP message. Header types include a “To header” (transmission destination of request), a “From header” (transmission source of request), and a “Call-ID header” (which is identification information specifying connection between apparatuses and which is used to specify a call). In the case of the operation (1) in
A SIP message body 609 is used to define information based on a format defined by a protocol other than the SIP. This information is an option in SIP message configuration. In the operation (1) in
Referring back to
In step S503, the CPU 301 determines whether the received packet is addressed to a virtual IP address. This determination is performed by checking whether the above destination IP address is identical to the above virtual IP address. In the case of the operation (1) in
In step S507, the CPU 301 verifies the format of the Call-ID. This verification is performed by determining whether the format of the Call-ID has been determined beforehand with a distributed server. This determination is performed by checking whether the number of characters of a portion 6072 (
In step S509, the CPU 301 selects a distributed server for distributing the packet. This selection is performed in order to equalize loads on distributed servers. This selection is performed by considering communication statuses, response times, CPUs, etc., of the distributed servers. Here, it is assumed that the server-B 7 is selected.
In step S511, the CPU 301 sets the IP address of the server-B 7, which is the selected distribution destination, as a destination IP address. The used IP address of the server-B 7 is one IP address 313 in the load-distribution definition table 31 in
In step S513, the CPU 301 transmits the packet to the sever-B 7 as the distribution destination through the communication unit 307.
Next, the process of the relay apparatus 3 when it performs the operation (2) in
In step S501, the CPU 301 receives a packet generated and transmitted by the server-B 7 as the distribution destination through the communication unit 307. In the case of the operation (2) in
Although the SIP header 607 includes information elements, the Call-ID header (which is identification information specifying connection between apparatuses and which is used to specify a call) according to the present invention is only described. A portion 6071 preceding the at mark of the Call-ID header is information for identifying a call. For this information, it is recommended to apply the random ID generating rules in RFC1750 in order to set a globally unique value. A portion 6072 succeeding at the mark in the Call-ID header is obtained by encrypting information (address) identifying a distributed server. This information is obtained such that, when a distributed server that serves as a packet transmission source transmits a packet to the terminal-B 15 as the called party, information having both the IP address and port number of the distributed server is encrypted by using the server-information conversion tables 63, 73, and 83. In the case of the operation (2) in
Referring back to
In step S503, the CPU 301 determines whether the received packet is addressed to a virtual IP address. This determination is performed by checking whether the above destination IP address is identical to the above virtual IP address. In the case of the operation (2) in
In step S515, the CPU 301 determines whether the received packet has been sent from the server-B 7 as a distribution destination, and whether the SIP message is a request. The determination of whether the received packet has been sent from the server-B 7 is performed by checking whether a transmission source IP address in the IP header 601 is included in the IP addresses 313 in the load-distribution definition table 31 shown in
In step S517, the CPU 301 sets a virtual IP address as the transmission source IP address of the packet. The virtual IP address is information that the relay apparatus 3 has as information related to the load-distribution definition table 31 in
In step S513, the CPU 301 transmits the packet to the terminal-B 15 through the communication unit 307.
Finally, the process of the relay apparatus 3 when it performs the operation (3) in
In step S501, the CPU 301 receives a packet generated and transmitted by the terminal-B 15 as the called party via the communication unit 307. In the case of the operation (3) in
Referring back to
In step S503, the CPU 301 determines whether the received packet is addressed to a virtual IP. This determination is performed by checking whether the above IP address is identical to the above virtual IP address. In the case of the operation (3) in
In step S507, the CPU 301 verifies the format of the Call-ID. This verification is performed by determining whether the format of the Call-ID has been determined beforehand with a distributed server. This determination is performed by checking whether the number of characters of a portion 6072 succeeding at the mark of the Call-ID header is the sum of the IP address and the port number, and checking whether all character types are the converted characters as the converted information 333 in the server-information conversion table 33. In the case of the operation (3) in
In step S519, the CPU 301 extracts an encrypted, server-information character-string portion from the Call-ID header. The encrypted server-information character-string portion is a portion 6072 succeeding at the mark in the Call-ID header. Accordingly, the portion 6072 succeeding at the mark is extracted.
In step S521, the CPU 301 decrypts the encrypted server-information character-string portion. The encrypted server-information character-string portion is the portion 6072 succeeding at the mark in the Call-ID header. In the decryption, the server-information conversion table 33 in
In step S523, the CPU 301 determines whether the decryption has been successful. In this determination, by using the server-information conversion table 33, it is checked whether the portion 6072 succeeding at the mark in the Call-ID header has all been restored to an unconverted state. If the decryption has been successful, the process proceeds to step S525. If the decryption has not been successful, the process proceeds to step S509.
In step S525, the CPU 301 searches for a distributed server corresponding to the decrypted server information. This processing is performed by searching the decrypted-server-information character strings 353 in
In step S527, the CPU 301 determines whether the distributed server corresponding to the decrypted server information has been found. This determination is performed by checking whether the distributed-server IP address 355 corresponding to the decrypted server information is included in the distributed server correspondence table 35. If the distributed-server IP address 355 corresponding to the decrypted server information has been found, the process proceeds to step S529. If the distributed-server IP address 355 corresponding to the decrypted server information has not been found, the process proceeds to step S509.
In step S529, the CPU 301 rewrites the destination IP address of the packet into the found distributed-server IP address 355. This rewriting is performed by setting the distributed-server IP address 355 as the destination IP address of the IP header 601.
In step S513, the CPU 301 transmits the packet to the sever-B 7 as a distribution destination via the communication unit 307.
Although the present invention has been described on the basis of an embodiment, the present invention is not limited to the above-described embodiment.
Claims
1. A relay apparatus for transferring packets each including identification information specifying connection between a first apparatus and a second apparatus, a destination address, and a source address,
- wherein:
- from the first apparatus, the relay apparatus receives a first packet in which the identification information includes encryption information obtained by encrypting an address of the first apparatus, and which has an address of the second apparatus as the destination address, and the address of the first apparatus as the source address;
- the relay apparatus transmits, to the second apparatus, a second packet in which the source address of the first packet is converted into an address of the relay apparatus;
- from the second apparatus, the relay apparatus receives a third packet in which the destination address and source address of the second packet are switched; and
- the relay apparatus transmits, to the first apparatus, a fourth packet in which the destination address is converted on the basis of the address of the first apparatus, which is obtained by decrypting encryption information included in the identification information of the third packet,
2. The relay apparatus according to claim 1, wherein the address of the first apparatus is information related to a number specifying a network-connected apparatus.
3. The relay apparatus according to claim 1, wherein the identification information is included in call control information, in each packet, for controlling audio communication.
4. A recording medium, readable by an information processing apparatus, containing a relay program for controlling a relay apparatus for transferring packets each including identification information specifying connection between a first apparatus and a second apparatus, a destination address, and a source address, the relay program allowing the relay apparatus to execute the steps of:
- receiving, from the first apparatus, a first packet in which the identification information includes encryption information obtained by encrypting an address of the first apparatus, and which has an address of the second apparatus as the destination address, and the address of the first apparatus as the source address;
- transmitting, to the second apparatus, a second packet in which the source address of the first packet is converted into an address of the relay apparatus;
- receiving, from the second apparatus, a third packet in which the destination address and source address of the second packet are switched; and
- transmitting, to the first apparatus, a fourth packet in which the destination address is converted on the basis of the address of the first apparatus, which is obtained by decrypting encryption information included in the identification information of the third packet.
5. A communication system comprising;
- first and second apparatuses for transmitting and receiving packets each including identification information specifying connection between the first and second apparatuses, a destination address, and a source address; and
- a relay apparatus connected to the first and second apparatuses,
- wherein:
- the first apparatus transmits, to the relay apparatus, a first packet in which the identification information includes encryption information obtained by encrypting an address of the first apparatus, and which has an address of the second apparatus as the destination address, and the address of the first apparatus as the source address;
- the relay apparatus transmits, to the second apparatus, a second packet in which the source address of the first packet is converted into an address of the relay apparatus;
- the second apparatus transmits, to the relay apparatus, a third packet in which the destination address and source address of the second packet are switched; and
- the relay apparatus transmits, to the first apparatus, a fourth packet in which the destination address is converted on the basis of the address of the first apparatus, which is obtained by decrypting encryption information included in the identification information of the third packet.
Type: Application
Filed: Feb 5, 2008
Publication Date: Aug 14, 2008
Applicant: FUJITSU LIMITED (Kawasaki-shi)
Inventor: Yuusuke Shimada (Kawasaki)
Application Number: 12/026,218
International Classification: G06F 15/16 (20060101);